Google has developed a way to secure HTTPS against quantum attacks without increasing the size of TLS certificates

Google is developing quantum‑resistant certificates without increasing their size

Quantum computers can break modern X.509 certificates using Shor’s algorithm. In the traditional approach, protecting against such attacks would require enlarging cryptographic elements by almost 40 times—to about 2.5 kB. This would result in slower TLS handshakes and network slowdown, potentially causing users to abandon new protocols.

To avoid this, Google uses *Merkle trees*. In this structure, the certification authority signs only the “root” hash of a tree containing several million certificates. The certificate that the browser receives is merely a small proof that it is included in the tree. Thus, the size of the cryptographic signature remains the same at 64 bytes.

If Shor’s quantum algorithm were implemented in practice, attackers could forge classical signatures and public keys, as well as alter certificate timestamps. To counter this, Google employs quantum‑resistant signing algorithms, such as ML‑DSA. In that case an attacker would have to break both traditional encryption and post‑quantum schemes.

Merkle Tree Certificates (MTC)

- Guarantee protection against quantum attacks.
- Keep cryptographic data size within 64 bytes.
- Are already implemented in the Chrome browser.

For testing effectiveness, Cloudflare—the only company currently generating a distributed MTC ledger—has registered about one thousand TLS certificates of the new type.

In the future, the task of issuing such certificates is planned to be handed over to ordinary certification authorities. A working group PKI, Logs and Tree Signatures has already been formed to develop a long‑term solution.